On 1/26/22 09:31, Christian Brauner wrote:
On Tue, Jan 25, 2022 at 05:46:43PM -0500, Stefan Berger wrote: Hm, I'd rather do something like (uncompiled, untested): +static ssize_t ima_write_active(struct file *filp, const char __user *buf, size_t count, loff_t *ppos) { struct ima_namespace *ns = &init_ima_ns; int err; unsigned int active; char *kbuf = NULL; ssize_t length; if (count >= 3) return -EINVAL; /* No partial writes. */ if (*ppos != 0) return -EINVAL; if (ns_active(ns)) return -EBUSY; kbuf = memdup_user_nul(buf, count); if (IS_ERR(kbuf)) return PTR_ERR(kbuf); err = kstrtouint(kbuf, 10, &active); kfree(kbuf); if (err) return err; if (active != 1) return -EINVAL; atomic_set(&ns->active, 1); return count; }
Rearranged it to look like this? static ssize_t ima_write_active(struct file *filp, const char __user *buf, size_t count, loff_t *ppos) { struct ima_namespace *ns = &init_ima_ns; unsigned int active; char *kbuf; int err; if (ns_is_active(ns)) return -EBUSY; /* accepting '1\n' and '1\0' and no partial writes */ if (count >= 3 || *ppos != 0) return -EINVAL; kbuf = memdup_user_nul(buf, count); if (IS_ERR(kbuf)) return PTR_ERR(kbuf); err = kstrtouint(kbuf, 10, &active); kfree(kbuf); if (err) return err; if (active != 1) return -EINVAL; atomic_set(&ns->active, 1); return count; }
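Review bot: The `ns_is_active(ns)` test at the top and the final `atomic_set(&ns->active, 1)` are two separate steps, so two writers racing on this file can both pass the check and both return `count` instead of one of them getting -EBUSY. That is harmless while activation only stores 1, but any side effect added to activation later would run twice; replacing the final store with `if (atomic_cmpxchg(&ns->active, 0, 1) != 0) return -EBUSY;` makes the claim a single step, assuming `ns_is_active()` reads `ns->active`. The comment could also state that `count < 3` combined with `kstrtouint()` accepts any one- or two-byte spelling of 1 (for example `01` or `+1`), not only `1\n` and `1\0`. No permission check is visible in the handler itself, so who may activate the namespace depends on the file mode and any capability check outside this excerpt.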